Security Weekly was nominated for the 2015 Best Security Podcast! Please vote for our show here: Security Blogger Awards

Sponsors & Announcements

"And now from the dark corners of the Internet, where the exploits run wild, packets get sniffed, and the beer flows steady, it's Security Weekly!"

"Sponsored by Tenable Network Security. Tenable is a developer of enterprise vulnerability, compliance and log management software, but most notably the creators of Nessus, the world's best vulnerability scanner. Tenable's Security Center extends the power of Nessus through reporting, remediation workflow, IDS event correlation and much more. Tenable - Unified Security Monitoring!"

"Core Security Technologies, helping you penetrate your network. Now version 10.5 full of Jive! Rock out with your 'sploit out! Listen to this podcast and qualify to receive a 10% discount on Core Impact, the world's best penetration testing tool."

"Cenzic, create a Hailstorm for your web applications! Sign up for a free trial of the Hailstorm software or scan remotely with their new online service to keep your web applications in check."

Episode Media

Ron Bowes is a Security Analyst for the Province of Manitoba and also runs Dash9 Security consulting. Ron is an active Nmap developer, compiles and disseminates research data on leaked or cracked passwords, and currently maintains and develops dnscat, which implements reverse shells over DNS in new and clever ways. He blogs at skullsecurity.org.

Ron will be going over a number of exciting topics for his technical segment! First, he'll talk about scripts he's written for the Nmap Scripting Engine that target the SMB protocol, and what kind of information Windows provides if you ask it nicely (and know the secret handshake). Second, looking at recent password breaches, with statistics about the terrible passwords people use, we'll see why we should all care about password breaches. And finally, he'll reveal exactly how he accidentally obtained the title "Facebook hacker" and how names obtained from Facebook can be used, with great success, to crack passwords.

Linux Kernel Vulnerabilities Lingering - [Paul Asadoorian] - I have to say, I believe that several in the Linux community have gotten a bit comfortable in terms of security. They have a history of silently introducing patches, believing that vulnerabilities are not exploitable, and creating a false sense of security. Good thing we have people like Brad Spengler to point out security flaws. I think people think that maybe because the Linux kernel is open source that it's secure? Or that when people find vulnerabilities they will be fixed? Who knows, but it's got to stop. Linux has and will have a lot of vulnerabilities, so deal with it.

ReCAPTCHA Cracked! - [Paul Asadoorian] - Will we ever stop the SPAM problem? I'm guessing not, as there is too much money to be made, so people will always try to get around any anti-spam measure.

Rogue Wireless Access Point Vulnerabilities - [Paul Asadoorian] - I was reading this article, quite happily, until I saw this: "If you think about [wired-only scanning], that's goofy -- it doesn't make any sense," King says. "In the case of the TJX hacker, you wouldn't have found any of that." Goofy? Really? If something is plugged into your network there is a good chance you can pick it up on the wire. In fact, there are many ways in which you could have detected the TJX hackers; for example, once they were sending packets onto the network, an IDS or passive scanner could have detected them. I do agree though, "wired-only" is silly. You need both. There are direct attacks against the wireless protocols that will only be detected using a wireless detection system. There are also many ways to "hide" on wireless, such as using non-US channels, Bluetooth, 900 MHz, or any other wireless communications that won't get picked up by whatever wireless security device is in place at the organization.

How to DDoS a Cell Phone - [Paul Asadoorian] - What kind of world would this be without YouTube sensation Justin Bieber (his Mom is hot though). Anyways, he recently Tweeted his "Friend's" cell phone number to all 4 million followers. The cell phone rang and received TXT messages non-stop. Hope he had unlimited TXT messaging. PS. Justin's Mom is still hot and no, she didn't pose nude for Playboy. PPS. I just listened to 15 seconds of a Justin Bieber song, and now I am ill.

Another example of a large non-security company buying a security company - [Paul Asadoorian] - Really Bruce? Then tell me, why would the largest and most successful chip maker in the world buy a company that produces a bloated half-ass anti-virus product? Oh, and never mind the DAT file debacle. If Intel truly was interested in a client-side security product, they could have done so much better.

Embedded Vulnerabilities = Scary - [Security Weekly] - Did you know Tenable has created plugins to detect similar vulnerabilities in the QNX debug service? Yes, yes they have!

Redaction fail - [Larry] - Wow, I like this type of redaction. Highlight the text and the redaction goes away. Why is this so difficult, and why don't people test?

Websense filter bypass - [Larry] - Only version 6.0, which is older but still supported if I recall. This one is as simple as adding the Via: directive to the header of your HTTP request, which is a trivial task with Firefox and a single plugin. How long before malware authors include this, as it is so simple... because URL filtering works wonders after a machine has been compromised, for several reasons.

More on testing... - [Larry] - If you have the ability to do SQL injection against a site as large as, say, apple.com, you had damned well better be sure that your specially crafted iframes that are encoded to bypass WAFs render as valid, working HTML by the client. This being said by the guy who sent a PDF exploit to an entire company's address book via SET, with the connect back sent to 127.0.0.1...

Disney, Zombies and Cookies? - [Larry] - Disney is being sued for tracking online habits (of children) when they said they wouldn't; not through the browser cookies though, but using Flash-based cookies or LSOs (Locally Stored Objects)... by backing up browser cookies into the LSO. After deletion, another (or even the same) site can restore the cookies or possibly read them from the LSO... I wonder how many sites are doing this, and if we can start using the practice for evil by retrieving cookies before deletion and sending them elsewhere...